DETAILED ACTION

This Office Action is in response to the communication filed on 08/13/2008. 
Claim 21 has been amended. 

Claims 1-23 have been examined and are pending. 

Response to Arguments 

Applicant's arguments filed 08/13/2008 have been fully considered but they are not persuasive. 

Applicant's arguments, see page 2, filed 08/13/2008, with respect to the 35 U.S.C. 112,
2nd rejection of claim 21 have been fully considered and are persuasive. The 35 U.S.C. 112, 2nd
rejection of claim 21 has been withdrawn in view of amendment.

Applicant's arguments, see page 2, filed 08/13/2008, with respect to the 35 U.S.C. 102(e)
rejection of claims 1-7, 9-12, and 17-23 have been fully considered and are persuasive. The
35 U.S.C. 102(e) rejection of claims 1-7, 9-12, and 17-23 has been withdrawn. However, upon 
further consideration, a new ground(s) of rejection is made. 

Specification 

The disclosure is objected to because of the following informalities: Since fig. 1 and fig.
2 are labeled "Prior Art," all descriptions (page 7, line 5 to page 9, line 23 of the specification)
related to the above figures should be placed under "BACKGROUND OF THE INVENTION" 
section. Appropriate correction is required. 



Claim Rejections - 35 USC § 101

35 U.S.C. 101 reads as follows:

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claims 1-23 are rejected under 35 U.S.C. 101 because the claimed invention is directed
to non-statutory subject matter.

Claim 1 recites limitations "defining a group of service providers", "defining an owner",
and "providing a unique identifier" which are not directed to eligible subject matter under 35 
U.S.C. § 101 in view of In re Comiskey, 499 F.3d 1365 (Fed. Cir. 2007). The claimed method 
does not require integrating a machine (e.g., a computer) or constitute a process of manufacture, 
or altering a composition of matter; therefore the claim is directed to non-statutory subject matter 
(See In re Bilski, Appeal No. 2007-1130; Diamond v. Diehr, 450 U.S. 175, 184 (1981); Parker
v. Flook, 473 U.S. 584, 588 n.9 (1978); Gottschalk v. Benson, 409 U.S. 63, 70 (1972); 
Cochrane v. Deener, 94 U.S. 780, 787-88 (1976)). 

Claim 9 recites limitations "defining a group of service providers", "providing a
plurality of principals", and "providing an identity provider" which are not directed to eligible
subject matter under 35 U.S.C. § 101 in view of In re Comiskey, 499 F.3d 1365 (Fed. Cir. 2007) 
for the same reason stated above. 

Claims 2-4 are also rejected as nonstatutory under 35 U.S.C. 101 as they do not belong to 
any of the four categories set forth above. 

Claims 10-23 are also rejected as nonstatutory under 35 U.S.C. 101 as they do not belong 
to any of the four categories set forth above. 



Application/Control Number: 10/772,843 Page 4 

Art Unit: 2439 

Claim 5, although the preamble of the claim recites "an apparatus," the body of the claim 
does not positively recite any element of hardware. 

The body of the claim recites "a plurality of principals", "an identity provider", "a 
plurality of service providers", and "at least one service," which are directed to purely an abstract 
idea, a conceptual arrangement of entities, rather than an actual machine, and are not appropriate 
for components of an apparatus. 

In addition to the above, according to specification (last 4 lines of page 7), the 
"principals" can be people, which is non-statutory subject matter. 

Claims 6-8 are also rejected as nonstatutory under 35 U.S.C. 101 as they do not belong to 
any of the four categories set forth above. 

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and 
distinctly claiming the subject matter which the applicant regards as his invention. 

Claims 5-8 and 21 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

Claim 5, although the preamble of the claim recites "an apparatus," the body of the claim 
does not positively recite any components. 

The claimed apparatus, as recited in claim 5, comprises "a plurality of principals", "an
identity provider", "a plurality of service providers", and "at least one service," which are
directed to purely an abstract idea, a conceptual arrangement of entities which are not physical
components.

This is vague as to how the recited elements ("a plurality of principals", "an identity 
provider", "a plurality of service providers", and "at least one service,") make up the claimed 
apparatus. 

Claims 6-8 are dependent on claim 5 and they inherit the above issue of claim 5. 

Claim 21 recites the limitation "if a service provider having a service provider identity
requests an identity of a user through different group affiliations" in lines 3-4, yet no limitation
is provided if "a service provider does not have a service provider identity requests an identity
of a user through different group affiliations". This issue is raised because the "if" conditional,
by its very nature, exhibits alternative steps in the event the "if" conditional fails; the alternative
step(s) may, or may not, be limited to not performing any step(s). Ergo, the metes and bounds of
the claim have not been clearly established. To remediate this issue, applicant must remove the
conditional or include the alternative step(s) when the conditional fails.

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this
subsection of an application filed in the United States only if the international application designated the United
States and was published under Article 21(2) of such treaty in the English language.

Claims 1-7, 9-12, and 17-23 are rejected under 35 U.S.C. 102(e) as being anticipated by
Yared et al. (US 2003/0149781 A1).

As per claim 1: 

Yared teaches a method for establishing an affiliation within a single sign-on system, comprising 
the steps of: 

(a) defining a group of service providers that act as a single entity on a network for 
purposes of any of authentication, federation, and authorization [Yared: fig. 9; par. [0117]; 
"Identity Provider A 905 is linked with Service Provider A 910 and service provider B 915. 
User directory 920 for identity provider A 905 illustrates how multiple service provider 
accounts are linked"]. 

(b) defining an owner of said affiliation that is responsible for maintaining a list that 
shows which service providers are members of said affiliation, as well as any control structure or 
meta-data associated with said affiliation [Yared: fig. 9; par. [0117]; "Identity Provider A 
905 is linked with Service Provider A 910 and service provider B 915. User directory 920 
for identity provider A 905 illustrates how multiple service provider accounts are linked"]; 
and 

(c) providing a unique identifier for each affiliation within said single sign-on system in
which said affiliation is defined [Yared: fig. 9; par. [0117]; "Identity Provider A 905 is
linked with Service Provider A 910 and service provider B 915. User directory 920 for
identity provider A 905 illustrates how multiple service provider accounts are linked"; fig.
9].

As per claim 2: 

Yared further teaches the method of claim 1, wherein said network comprises: a web
services-based service infrastructure in which users manage sharing of their personal information
across identity providers and service providers [Yared: par. [0064]; "The web services
architecture enables service providers to trigger services for users and requests for
information about users from identity providers"].

As per claim 3: 

Yared further teaches the method of claim 2, wherein said web services implement a lightweight 
protocol for exchange of information in a decentralized, distributed environment [Yared: par.
[0064]; "In an embodiment, back channel communications use the Simple Object Access 
Protocol (SOAP). SOAP enables a variety of computing devices to interoperate over 
HTTP"]. 

As per claim 4: 

Yared further teaches the method of claim 3, wherein said protocol comprises: 

an envelope that defines a framework for describing what is in a message and how to process it, 

a set of encoding rules for expressing instances of application-defined data types, and a
convention for representing remote procedure calls and responses [Yared: par. [0064]; "In an
embodiment, back channel communications use the Simple Object Access Protocol 
(SOAP). SOAP enables a variety of computing devices to interoperate over HTTP ... SOAP 
is an extensible markup language (XML) envelope and data encoding technology used to 
communication information and requests across an HTTP network. Although 
embodiments of the present invention use a web services architecture for communicating 
information across a network, one skilled in the art will recognize that other 
communications technologies can be used"]. 

As per claim 5: 

Yared teaches an apparatus for establishing an affiliation within a single sign-on system, 
comprising: 

(a) a plurality of principals that can acquire a federated identity and be authenticated and
vouched for by an identity provider [Yared: par. [0009], lines 6-8; par. [0047]; a federated
identity; par. [0110-0111]; fig. 5 is an interaction flowchart illustrating an identity 
federation process; par. [0120-0121]; fig. 14, [0122]; "a user is authenticated by an identity 
provider and redirected to service provider"]; 

(b) an identity provider for authenticating and vouching for principals [Yared: par. 
[0120-0121]; fig. 14, [0122]; "a user is authenticated by an identity provider and redirected 
to service provider"]; 

(c) a plurality of service providers that act as a single entity with regard to
authentication, federation and authorization to establish a single sign-on system within which
such affiliation cooperates [Yared: fig. 9; par. [0117]; "Identity Provider A 905 is linked
with Service Provider A 910 and service provider B 915. User directory 920 for identity
provider A 905 illustrates how multiple service provider accounts are linked"]; and

(d) at least one service associated with each service provider which comprises a grouping 
of common functionality comprising at least one method that callers can use to manipulate 
information managed by said service with regard to a particular principal [Yared: fig. 17; par. 
[0146]; par. [0009]; "A service provider performing banking transactions may require a
stronger form of authentication (e.g., a certificate) to assure the integrity of the transaction";
par. [0049], lines 6-10; "The service provider receives the credential and, in some
embodiments, user profile data about the user. The service provider then permit the user to 
access authorized services without requiring additional authentication"; par. [0010], lines 
2-4, "An explicit trust chain is created when a user invokes account linking between a 
service provider and an identity provider"]. 

As per claim 6: 

This claim has limitations that are similar to those of claim 2, thus it is rejected with the
same rationale applied against claim 2 above. 



As per claim 7: 

This claim has limitations that are similar to those of claims 2-4, thus it is rejected with
the same rationale applied against claims 2-4 above.

As per claim 9:

Yared teaches a method for establishing an affiliation within a single sign-on system, comprising 
the steps of: 

(a) defining a group of service providers that act as a single entity on a network for 
purposes of any of authentication, federation, and authorization [Yared: fig. 9; par. [0117]; 
"Identity Provider A 905 is linked with Service Provider A 910 and service provider B 915. 
User directory 920 for identity provider A 905 illustrates how multiple service provider 
accounts are linked"]; 

(b) providing a plurality of principals that can acquire a federated identity and be 
authenticated and vouched for by an identity provider [Yared: par. [0009], lines 6-8; par. 
[0047]; a federated identity; par. [0110-0111]; fig. 5 is an interaction flowchart illustrating 
an identity federation process; par. [0120-0121]; fig. 14, [0122]; "a user is authenticated by 
an identity provider and redirected to service provider"]; and 

(c) providing an identity provider for authenticating and vouching for principals [Yared: 
par. [0120-0121]; fig. 14, [0122]; "a user is authenticated by an identity provider and 
redirected to service provider"]. 

As per claim 10: 

Yared further teaches the method of claim 9, further comprising the steps of: 

(a) a principal logging into said identity provider [Yared: fig. 2; login to Identity
Provider 225; par. [0062]; par. [0063]; "the user can then login to identity provider 225
using, for example a password-based identity credential"];

(b) said principal visiting a first service provider and federating to said group [Yared:
par. [0038-0039]; "an identity provider authenticate a user's identity and passes a 
credential to a service provider"; fig. 9; par. [0117]; "Identity Provider A 905 is linked 
with Service Provider A 910 and service provider B 915. User directory 920 for identity 
provider A 905 illustrates how multiple service provider accounts are linked"]; and 

(c) said principal then visiting any other service provider within said group [Yared: fig. 
9; par. [0117]]. 

As per claim 11: 

Yared further teaches the method of claim 9, further comprising the step of: 

defining an owner of said affiliation that is responsible for maintaining a list that shows
which service providers are members of said affiliation, as well as any control structure or
meta-data associated with said affiliation [Yared: fig. 9; par. [0117]; "Identity Provider A 905 is
linked with Service Provider A 910 and service provider B 915. User directory 920 for 
identity provider A 905 illustrates how multiple service provider accounts are linked"]. 

As per claim 12: 

Yared further teaches the method of claim 9, further comprising the step of: providing a 
unique identifier for each affiliation within said single sign-on system in which said affiliation is 
defined [Yared: fig. 9; par. [0117]; "Identity Provider A 905 is linked with Service 
Provider A 910 and service provider B 915. User directory 920 for identity provider A 905 
illustrates how multiple service provider accounts are linked"; fig. 9].

As per claim 17:

Yared further teaches the method of claim 9, wherein said group has an identifier that is
unique within a single sign-on system in which said group is defined [Yared: fig. 9; par. 
[0117]; "Identity Provider A 905 is linked with Service Provider A 910 and service provider 
B 915. User directory 920 for identity provider A 905 illustrates how multiple service 
provider accounts are linked"; fig. 9]. 

As per claim 18: 

Yared further teaches the method of claim 9, wherein service providers within a single 
sign-on system may be members of multiple groups, but can only act with a single affiliation for 
any given transaction [Yared: fig. 9; par. [0117]]. 

As per claim 19: 

Yared further teaches the method of claim 9, wherein a user federating with a group
automatically federates with all members of said group [par. [0047]; "By federation an
account with an identity provider, for example, a user can continue to login to a service
provider using existing service provider-specific username and also have benefits if using
the identity providers. Further, the identity provider can be federated with other services
that provide various applications. As described in detail below, account federation enables
system entities to collaborate to provide user a service or perform a service on behalf of the
user"; See also par. [0010]; "Accounts are linked using, for example, dynamically
generated, which are shared by service provider and identity provider being linked"; fig.
9; par. [0117]; "Each handle is a dynamically generated, strong random identifier serving
as a name for the principal in the namespace between the identity provider and the service
provider"].

As per claim 20: 

Yared further teaches the method of claim 9, wherein a user authorizing access to a 
service by said federation authorizes access to any member of said group [par. [0047]; "By
federation an account with an identity provider, for example, a user can continue to login 
to a service provider using existing service provider-specific username and also have 
benefits if using the identity providers. Further, the identity provider can be federated with 
other services that provide various applications. As described in detail below, account 
federation enables system entities to collaborate to provide user a service or perform a 
service on behalf of the user"]. 

As per claim 21: 

Yared further teaches the method of claim 9, further comprising the step of: providing a unique
identifier for any service provider/group affiliation wherein if a service provider having a service 
provider identity requests an identity of a user through different group affiliations, said service 
provider receives different unique identifiers for each group affiliation [Yared: fig. 9, par.
[0117]].

As per claim 22:

Yared further teaches the method of claim 9, further comprising the step of: providing a
same identifier to all members of said group when they are acting as a part of said group 
affiliation [Yared: fig. 9; par. [0117]]. 

As per claim 23: 

Yared further teaches the method of claim 9, further comprising the step of providing an 
affiliation name identifier for allowing sites to handle an automatic federation that take place 
with all members of said group [Yared: fig. 9; par. [0117]]. 

Claims 8 and 13-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Yared et
al. (US 2003/0149781 A1) in view of the applicant's admitted prior art at page 7 line 5 to page
9 line 23 of the specification, fig. 1 and fig. 2 (Prior Art), hereinafter "AAPA".

As per claim 13: 

Yared is silent about providing a discovery service for enabling a web service consumer 
to discover service information regarding a user's personal web services. 

However, AAPA teaches providing a discovery service for enabling a web service 
consumer to discover service information regarding a user's personal web services [AAPA: fig. 
2, pg. 8, line 20 to pg. 9, line 23]. 

Therefore, it would have been obvious to the person of ordinary skill in the art at the time
the invention was made to combine the method of Yared by including the teaching of AAPA to
provide users with means for obtaining a service descriptor and assertion for service from the
discovery service [AAPA: pg. 9, lines 20-23].

As per claim 8: 

This claim has limitations that are similar to those of claim 13, thus it is rejected with the
same rationale applied against claim 13 above. 

As per claim 14: 

Yared and AAPA teach the subject matter as described in claim 13. 

AAPA further teaches the method of claim 13, further comprising the step of: providing a 
web service consumer associated with a service provider for requesting a service descriptor and 
assertion for service from said discovery service and for presenting an assertion from said other 
service provider with affiliate information [AAPA: fig. 1, pg. 8, lines 14-17].

As per claim 15: 

AAPA further teaches the method of claim 14, further comprising the step of: said 
discovery service checking said other service provider affiliation and generating a service 
assertion based upon said other service provider affiliation [AAPA: figs. 1-2; pg. 7, line 5 to pg. 
9, line 23]. 



As per claim 16:

AAPA further teaches the method of claim 15, further comprising the step of: said web
service consumer invoking a service with said service assertion via a web service provider 
[AAPA: figs. 1-2; pg. 7, line 5 to pg. 9, line 23]. 



Conclusion 

The prior arts made of record and not relied upon are considered pertinent to applicant's 
disclosure. 

US 20030163733 A1 to Barriga-Caceres, Luis et al.;
US 20040128546 A1 to Blakley, George Robert III et al.;
US 20040002878 A1 to Maria Hinton, Heather;
US 20040128542 A1 to Blakley, George Robert III et al.;
US 20040128541 A1 to Blakley, George Robert III et al.;
US 20040128506 A1 to Blakley, George Robert III et al.;
US 20040128393 A1 to Blakley, George Robert III et al.;
US 20040128392 A1 to Blakley, George Robert III et al.;
US 7219154 B2 to Blakley, III; George Robert et al.;
US 20040128378 A1 to Blakley, George Robert III et al.;
US 20040128383 A1 to Hinton, Heather Maria;
US 20030115267 A1 to Hinton, Heather Maria et al.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Canh Le whose telephone number is 571-270-1380. The
examiner can normally be reached on Monday to Friday 7:30AM to 5:00PM other Friday off.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Zand Kambiz can be reached on 571-272-3811. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Canh Le/ 

Examiner, Art Unit 2439 
November 13th, 2008
/Kambiz Zand/ 

Supervisory Patent Examiner, Art Unit 2434 



